Over last weekend, November 28, 2010, a rather large ebaY powerseller, pugster888 a TRS (Top Rated Seller) had their account taken over and anywhere between around 57,000 to 70,000 (or more) fake high-end listings uploaded rapidly. The listings all contained an image of text urging would-be purchasers to contact the ‘seller’ at an off ebaY email address, a familiar MO.
(click the images for full page, reduced size views)
Above: There were many many more listings than this. I did not have time to sit around and watch.
Below: One of the dozens if not hundreds of listings for this particular piano.
For those not following along, this sort of thing has happened too many times to recount them all here. Literally for years now. Yet ebaY refers to these events as isolated cases.
Of course the first things which jump right out regarding this time is the stature, feedback level, and longevity of the seller/victim,
Screencaps here show the rate at which these listings were pumped in. Note the amounts of listings inserted per minute, as the search terms are ‘newly listed’, and the search modifiers set to not show the seller’s legit items.
Note the time on the above screencap showing 56,985 fake listings. (7:23 AM)
Here is the scene at 4:51 AM, with 27,833 results/listings.
That’s 29,152 fake listings in high fraud rate categories in about 2 1/2 hours time.
Legit sellers do not have that ability with such items. There is a delay of several hours before items become visible on the site when listing items in certain ‘high fraud’ categories. ebaY at one time touted them as “fraud filters“, the magical new weapon to building site trust and platform safety after our friend Vladuz reamed ebay. That is indicative of “hacking” as opposed to simple “account take over” (ATO) or ‘phishing’.
I’m curious to know whether ebaY would blame them for giving away their passwords? Or accuse pugster888 of falling victim to phishing attacks and getting their database hacked, as ebaY and it’s employees have?
Would the seller/victim admit they fell for a phishing or spearphishing ploy? Is this just another firm indication that the troubles at ebaY are much deeper and darker than most are aware?
I never examined the listings for the presence of any malware or dubious scripting etc, but it would be a reasonable assumption they may have also carried an additional payload of some type. The hackers everywhere are more crafty and sophisticated than ever. The ‘blended threat‘ is more commonplace.
True to their Orwellian form, ebaY’s censors slithered out, and then back into the memory hole, taking with them ebaY forums threads regarding the event. Note the number 70K mentioned.
Finally, there were more victims with very similar listings: shakyahandicraft and 290401 (another TRS) to name a couple.
screencap of 290401 item
screencap of shakyahandicraft seller list
Over at the CAPP forum as well as on youtube, I have a more recent scams/hacking/hijackings and victims documented.
Regardless of whatever ebaY’s Minitrue department may claim, these events and worse are very commonplace.
Does ebaY seem like a safe, trustworthy, and/or honest platform to buy, sell or surf on?